<!DOCTYPE html>
<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
        <title>Upgrade iRedMail from 1.4.0 to 1.4.1</title>
        <link rel="stylesheet" type="text/css" href="./css/markdown.css" />
    </head>
    <body>

    <div id="navigation">
    <a href="https://www.iredmail.org" target="_blank">
        <img alt="iRedMail web site"
             src="./images/logo-iredmail.png"
             style="vertical-align: middle; height: 30px;"
             />&nbsp;
        <span>iRedMail</span>
    </a>
    &nbsp;&nbsp;//&nbsp;&nbsp;<a href="./index.html">Document Index</a></div><h1 id="upgrade-iredmail-from-140-to-141">Upgrade iRedMail from 1.4.0 to 1.4.1</h1>
<div class="admonition attention">
<p class="admonition-title">Attention</p>
<p>Check out the lightweight on-premises email archiving software developed by iRedMail team: <a href="https://spiderd.io/">Spider Email Archiver</a>.</p>
</div>
<div class="toc">
<ul>
<li><a href="#upgrade-iredmail-from-140-to-141">Upgrade iRedMail from 1.4.0 to 1.4.1</a><ul>
<li><a href="#changelog">ChangeLog</a></li>
<li><a href="#general-all-backends-should-apply-these-changes">General (All backends should apply these changes)</a><ul>
<li><a href="#update-etciredmail-release-with-new-iredmail-version-number">Update /etc/iredmail-release with new iRedMail version number</a></li>
<li><a href="#upgrade-iredapd-postfix-policy-server-to-the-latest-stable-release-503">Upgrade iRedAPD (Postfix policy server) to the latest stable release (5.0.3)</a></li>
<li><a href="#upgrade-iredadmin-open-source-edition-to-the-latest-stable-release-15">Upgrade iRedAdmin (open source edition) to the latest stable release (1.5)</a></li>
<li><a href="#upgrade-mlmmjadmin-to-the-latest-stable-release-312">Upgrade mlmmjadmin to the latest stable release (3.1.2)</a></li>
<li><a href="#upgrade-netdata-to-the-latest-stable-release-1310">Upgrade netdata to the latest stable release (1.31.0)</a></li>
<li><a href="#amavisd-add-some-useful-ban-rules">Amavisd: Add some useful ban rules</a><ul>
<li><a href="#example-how-to-use-these-ban-rules">Example: How to use these ban rules</a></li>
</ul>
</li>
</ul>
</li>
<li><a href="#for-openldap-backend">For OpenLDAP backend</a><ul>
<li><a href="#add-new-attributevalue-pairs-for-per-user-sogo-webmail-calendar-activesync-service-control">Add new attribute/value pairs for per-user SOGo webmail / calendar / activesync service control</a></li>
<li><a href="#sogo-update-config-file">SOGo: Update config file</a></li>
</ul>
</li>
<li><a href="#for-mysql-and-mariadb-backends">For MySQL and MariaDB backends</a><ul>
<li><a href="#add-new-sql-columns-in-vmailmailbox-table-for-per-user-sogo-webmail-calendar-activesync-service-control">Add new SQL columns in vmail.mailbox table for per-user SOGo webmail / calendar / activesync service control</a></li>
<li><a href="#sogo-re-create-sql-view-and-update-config-file">SOGo: Re-create SQL VIEW and update config file</a></li>
</ul>
</li>
<li><a href="#for-postgresql-backend">For PostgreSQL backend</a><ul>
<li><a href="#add-new-sql-columns-in-vmailmailbox-table-for-per-user-sogo-webmail-calendar-activesync-service-control_1">Add new SQL columns in vmail.mailbox table for per-user SOGo webmail / calendar / activesync service control</a></li>
<li><a href="#sogo-re-create-sql-view-and-update-config-file_1">SOGo: Re-create SQL VIEW and update config file</a></li>
</ul>
</li>
</ul>
</li>
</ul>
</div>
<div class="admonition note">
<p class="admonition-title">Remote Upgrade Assistance</p>
<p>Check out our <a href="https://www.iredmail.org/support.html">remote upgrade support</a> if you need assistance.</p>
</div>
<h2 id="changelog">ChangeLog</h2>
<ul>
<li>Sep 13, 2021: Upgrade netdata to 1.31.0.</li>
<li>Sep 13, 2021: Fix incorrect PostgreSQL column type for new columns introduced
  in table <code>vmail.mailbox</code>.</li>
<li>Sep 08, 2021: initial release.</li>
</ul>
<h2 id="general-all-backends-should-apply-these-changes">General (All backends should apply these changes)</h2>
<h3 id="update-etciredmail-release-with-new-iredmail-version-number">Update <code>/etc/iredmail-release</code> with new iRedMail version number</h3>
<p>iRedMail stores the release version in <code>/etc/iredmail-release</code> after
installation, it's recommended to update this file after you upgraded iRedMail,
so that you can know which version of iRedMail you're running. For example:</p>
<pre><code>1.4.1
</code></pre>
<h3 id="upgrade-iredapd-postfix-policy-server-to-the-latest-stable-release-503">Upgrade iRedAPD (Postfix policy server) to the latest stable release (5.0.3)</h3>
<div class="admonition attention">
<p class="admonition-title">Attention</p>
<p>iRedAPD has been migrated to Python 3 and doesn't support Python 2 anymore.</p>
</div>
<p>Please follow below tutorial to upgrade iRedAPD to the latest stable release:
<a href="./upgrade.iredapd.html">Upgrade iRedAPD to the latest stable release</a></p>
<h3 id="upgrade-iredadmin-open-source-edition-to-the-latest-stable-release-15">Upgrade iRedAdmin (open source edition) to the latest stable release (1.5)</h3>
<div class="admonition attention">
<p class="admonition-title">Attention</p>
<p>iRedAdmin has been migrated to Python 3 and doesn't support Python 2 anymore.</p>
</div>
<p>Please follow below tutorial to upgrade iRedAdmin to the latest stable release:
<a href="./migrate.or.upgrade.iredadmin.html">Upgrade iRedAdmin to the latest stable release</a>.</p>
<h3 id="upgrade-mlmmjadmin-to-the-latest-stable-release-312">Upgrade mlmmjadmin to the latest stable release (3.1.2)</h3>
<p>Please follow below tutorial to upgrade mlmmjadmin to the latest stable release:
<a href="./upgrade.mlmmjadmin.html">Upgrade mlmmjadmin to the latest stable release</a></p>
<h3 id="upgrade-netdata-to-the-latest-stable-release-1310">Upgrade netdata to the latest stable release (1.31.0)</h3>
<p>If you have netdata installed, you can upgrade it by following this tutorial:
<a href="./upgrade.netdata.html">Upgrade netdata</a>.</p>
<h3 id="amavisd-add-some-useful-ban-rules">Amavisd: Add some useful ban rules</h3>
<p>Microsoft Office documents are banned with iRedMail default settings, but it's
common that some mailbox may need to receive such documents.</p>
<p>Here we define some ban rules to allow these Office document types, iRedMail
server admin can update per-user spam policy to allow receiving such documents.</p>
<ul>
<li>Update Amavisd config file and append these lines before the last line (<code>1;</code>):<ul>
<li>on RHEL/CentOS/Rocky Linux, it's <code>/etc/amavisd/amavisd.conf</code>.</li>
<li>on Debian/Ubuntu, it's <code>/etc/amavis/conf.d/50-user</code>.</li>
<li>on FreeBSD, it's <code>/usr/local/etc/amavisd.conf</code>.</li>
<li>on OpenBSD, it's <code>/etc/amavisd/amavisd.conf</code>.</li>
</ul>
</li>
</ul>
<pre><code># Define some useful rules.
%banned_rules = (
    # Allow all Microsoft Office documents.
    'ALLOW_MS_OFFICE'   =&gt; new_RE([qr'.\.(doc|docx|xls|xlsx|ppt|pptx)$'i =&gt; 0]),

    # Allow Microsoft Word, Excel, PowerPoint documents separately.
    'ALLOW_MS_WORD'     =&gt; new_RE([qr'.\.(doc|docx)$'i =&gt; 0]),
    'ALLOW_MS_EXCEL'    =&gt; new_RE([qr'.\.(xls|xlsx)$'i =&gt; 0]),
    'ALLOW_MS_PPT'      =&gt; new_RE([qr'.\.(ppt|pptx)$'i =&gt; 0]),

    # Default rule.
    'DEFAULT' =&gt; $banned_filename_re,
);
</code></pre>
<ul>
<li>Restarting Amavisd service is required.</li>
</ul>
<p>Here we defines 5 ban rules:</p>
<ul>
<li><code>ALLOW_MS_OFFICE</code>: Allow all Microsoft Office documents.</li>
<li><code>ALLOW_MS_WORD</code>: Allow Microsoft Word documents (<code>.doc</code>, <code>.docx</code>).</li>
<li><code>ALLOW_MS_EXCEL</code>: Allow Microsoft Excel documents (<code>.xls</code>, <code>.xlsx</code>).</li>
<li><code>ALLOW_MS_PPT</code>: Allow Microsoft PowerPoint documents (<code>.ppt</code>, <code>.pptx</code>).</li>
<li><code>DEFAULT</code>: use the default ban rule defined in <code>$banned_filename_re</code>.</li>
</ul>
<p>You're free to define more ban rules to fit your own needs.</p>
<div class="admonition attention">
<p class="admonition-title">Attention</p>
<h4 id="example-how-to-use-these-ban-rules">Example: How to use these ban rules</h4>
<p>If you already define per-user, per-domain, or global spam policy with
iRedAdmin-Pro or manually, you can now assign these ban rules to them.</p>
<p>For example, if you have spam policy for user <code>user@domain.com</code>, to allow
this user to accept Microsoft Word and Excel documents, you can run SQL
commands below to achieve it (Note: we use MySQL for example):</p>
<pre><code>USE amavisd;
UPDATE policy SET banned_rulenames="ALLOW_MS_WORD,ALLOW_MS_EXCEL" WHERE policy_name="user@domain.com";
</code></pre>
</div>
<h2 id="for-openldap-backend">For OpenLDAP backend</h2>
<h3 id="add-new-attributevalue-pairs-for-per-user-sogo-webmail-calendar-activesync-service-control">Add new attribute/value pairs for per-user SOGo webmail / calendar / activesync service control</h3>
<p>iRedMail-1.4.1 improves SOGo config file and it's able to enable or disable
per-user SOGo webmail, calendar, activesync services with 3 new LDAP
attribute/value pairs:</p>
<ul>
<li><code>enabledService=sogowebmail</code></li>
<li><code>enabledService=sogocalendar</code></li>
<li><code>enabledService=sogoactivesync</code></li>
</ul>
<p>The old <code>enabledService=sogo</code> is still used to enable or disable whole SOGo
access.</p>
<ul>
<li>Download script used to update existing mail accounts:</li>
</ul>
<pre><code>cd /root/
wget https://github.com/iredmail/iRedMail/raw/1.4.1/update/1.4.1/update-ldap.py
</code></pre>
<ul>
<li>
<p>Open downloaded file <code>update-ldap.py</code>, set LDAP server related settings in
  this file:</p>
<p>You can find required LDAP credential in iRedAdmin config file
(<code>/opt/www/iredadmin/settings.py</code>), using either
<code>cn=Manager,dc=xx,dc=xx</code> or <code>cn=vmailadmin,dc=xx,dc=xx</code> as bind dn is ok.</p>
</li>
</ul>
<pre><code># Part of file: updateLDAPValues_099_to_1.py

uri = 'ldap://127.0.0.1:389'
basedn = 'o=domains,dc=example,dc=com'
bind_dn = 'cn=vmailadmin,dc=example,dc=com'
bind_pw = 'passwd'
</code></pre>
<ul>
<li>Execute this script with Python-3 to update LDAP data:</li>
</ul>
<pre><code># python3 update-ldap.py
</code></pre>
<h3 id="sogo-update-config-file">SOGo: Update config file</h3>
<p>Open SOGo main config file <code>/etc/sogo/sogo.conf</code> (Linux/OpenBSD) or
<code>/usr/local/etc/sogo/sogo.conf</code> (FreeBSD), find the <code>SOGoUserSources</code> block
like below:</p>
<pre><code>    // Authentication using LDAP
    SOGoUserSources = (
        {
            // Used for user authentication
            type = ldap;
            id = users;
            canAuthenticate = YES;

            // ... we omit other config lines here ...
        }
    )
</code></pre>
<p>Add new parameter <code>ModulesConstraints</code> right after <code>canAuthenticate = YES;</code>
line like below:</p>
<pre><code>    SOGoUserSources = (
        {
            // ... we omit other config lines here ...
            canAuthenticate = YES;

            ModulesConstraints = {
                Mail = { enabledService = sogowebmail; };
                Calendar = { enabledService = sogocalendar; };
                ActiveSync = { enabledService = sogoactivesync; };
            };

            // ... we omit other config lines here ...
        }
    )
</code></pre>
<h2 id="for-mysql-and-mariadb-backends">For MySQL and MariaDB backends</h2>
<h3 id="add-new-sql-columns-in-vmailmailbox-table-for-per-user-sogo-webmail-calendar-activesync-service-control">Add new SQL columns in <code>vmail.mailbox</code> table for per-user SOGo webmail / calendar / activesync service control</h3>
<p>iRedMail-1.4.1 introduces 3 new columns used to enable or disable per-user
SOGo webmail, calendar and activesync services:</p>
<ul>
<li><code>enablesogowebmail</code></li>
<li><code>enablesogocalendar</code></li>
<li><code>enablesogoactivesync</code></li>
</ul>
<p>Download plain SQL file used to update SQL table, then import it as
MySQL root user (Please run commands below as <code>root</code> user):</p>
<pre><code>wget -O /tmp/iredmail.mysql https://github.com/iredmail/iRedMail/raw/1.4.1/update/1.4.1/iredmail.mysql
mysql vmail &lt; /tmp/iredmail.mysql
rm -f /tmp/iredmail.mysql
</code></pre>
<h3 id="sogo-re-create-sql-view-and-update-config-file">SOGo: Re-create SQL VIEW and update config file</h3>
<p>Download plain SQL file used to update SQL table, then import it as
MySQL root user (Please run commands below as <code>root</code> user):</p>
<pre><code>wget -O /tmp/sogo.mysql https://github.com/iredmail/iRedMail/raw/1.4.1/update/1.4.1/sogo.mysql
mysql sogo &lt; /tmp/sogo.mysql
rm -f /tmp/sogo.mysql
</code></pre>
<p>Now open SOGo main config file <code>/etc/sogo/sogo.conf</code> (Linux/OpenBSD) or
<code>/usr/local/etc/sogo/sogo.conf</code> (FreeBSD), find the <code>SOGoUserSources</code> block
like below:</p>
<pre><code>    // Authentication using SQL
    SOGoUserSources = (
        {
            type = sql;
            id = users;
            viewURL = ...
            canAuthenticate = YES;

            // ... we omit other config lines here ...
        }
    )
</code></pre>
<p>Add new parameter <code>ModulesConstraints</code> right after <code>canAuthenticate = YES;</code>
line like below:</p>
<pre><code>    SOGoUserSources = (
        {
            // ... we omit other config lines here ...
            canAuthenticate = YES;

            ModulesConstraints = {
                Mail = { c_webmail = y; };
                Calendar = { c_calendar = y; };
                ActiveSync = { c_activesync = y; };
            };

            // ... we omit other config lines here ...
        }
    )
</code></pre>
<p>Restarting SOGo service is requried.</p>
<h2 id="for-postgresql-backend">For PostgreSQL backend</h2>
<h3 id="add-new-sql-columns-in-vmailmailbox-table-for-per-user-sogo-webmail-calendar-activesync-service-control_1">Add new SQL columns in <code>vmail.mailbox</code> table for per-user SOGo webmail / calendar / activesync service control</h3>
<p>iRedMail-1.4.1 introduces 3 new columns used to enable or disable per-user
SOGo webmail, calendar and activesync services:</p>
<ul>
<li><code>enablesogowebmail</code></li>
<li><code>enablesogocalendar</code></li>
<li><code>enablesogoactivesync</code></li>
</ul>
<p>Download plain SQL file used to update SQL table:</p>
<pre><code>wget -O /tmp/iredmail.pgsql https://github.com/iredmail/iRedMail/raw/1.4.1/update/1.4.1/iredmail.pgsql
chmod +r /tmp/iredmail.pgsql
</code></pre>
<ul>
<li>Connect to PostgreSQL server as <code>postgres</code> user and import the SQL file:<ul>
<li>on Linux, it's <code>postgres</code> user</li>
<li>on FreeBSD, it's <code>pgsql</code> user</li>
<li>on OpenBSD, it's <code>_postgresql</code> user</li>
</ul>
</li>
</ul>
<pre><code>su - postgres
psql -d vmail &lt; /tmp/iredmail.pgsql
</code></pre>
<ul>
<li>Remove downloaded file:</li>
</ul>
<pre><code>rm -f /tmp/iredmail.pgsql
</code></pre>
<h3 id="sogo-re-create-sql-view-and-update-config-file_1">SOGo: Re-create SQL VIEW and update config file</h3>
<p>Download plain SQL file used to update SQL table:</p>
<pre><code>wget -O /tmp/sogo.pgsql https://github.com/iredmail/iRedMail/raw/1.4.1/update/1.4.1/sogo.pgsql
chmod +r /tmp/sogo.pgsql
</code></pre>
<p>Please open file <code>/tmp/sogo.pgsql</code>, replace string <code>VMAIL_DB_BIND_PASSWD</code> by
the real password of SQL user <code>vmail</code>. You can find the password in any file
under <code>/etc/postfix/pgsql/</code>.</p>
<p>After updated <code>/tmp/sogo.pgsql</code>, please connect to PostgreSQL server as
<code>postgres</code> user and import the SQL file:</p>
<ul>
<li>on Linux, it's <code>postgres</code> user</li>
<li>on FreeBSD, it's <code>pgsql</code> user</li>
<li>on OpenBSD, it's <code>_postgresql</code> user</li>
</ul>
<pre><code>su - postgres
psql -d sogo &lt; /tmp/sogo.pgsql
</code></pre>
<ul>
<li>Remove downloaded file:</li>
</ul>
<pre><code>rm -f /tmp/sogo.pgsql
</code></pre>
<p>Now open SOGo main config file <code>/etc/sogo/sogo.conf</code> (Linux/OpenBSD) or
<code>/usr/local/etc/sogo/sogo.conf</code> (FreeBSD), find the <code>SOGoUserSources</code> block
like below:</p>
<pre><code>    // Authentication using SQL
    SOGoUserSources = (
        {
            type = sql;
            id = users;
            viewURL = ...
            canAuthenticate = YES;

            // ... we omit other config lines here ...
        }
    )
</code></pre>
<p>Add new parameter <code>ModulesConstraints</code> right after <code>canAuthenticate = YES;</code>
line like below:</p>
<pre><code>    SOGoUserSources = (
        {
            // ... we omit other config lines here ...
            canAuthenticate = YES;

            ModulesConstraints = {
                Mail = { c_webmail = y; };
                Calendar = { c_calendar = y; };
                ActiveSync = { c_activesync = y; };
            };

            // ... we omit other config lines here ...
        }
    )
</code></pre>
<p>Restarting SOGo service is requried.</p><div class="footer">
    <p style="text-align: center; color: grey;">All documents are available in <a href="https://github.com/iredmail/docs/">GitHub repository</a>, and published under <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">Creative Commons</a> license. You can <a href="https://github.com/iredmail/docs/archive/master.zip">download the latest version</a> for offline reading. If you found something wrong, please do <a href="https://www.iredmail.org/contact.html">contact us</a> to fix it.</p>
</div></body></html>